nix-bitcoin/modules/bitcoind.nix
2018-11-22 23:06:41 +00:00

86 lines
2.3 KiB
Nix

{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.bitcoin;
home = "/var/lib/bitcoin";
configFile = pkgs.writeText "bitcoin.conf" ''
listen=${if cfg.listen then "1" else "0"}
prune=2000
assumevalid=0000000000000000000726d186d6298b5054b9a5c49639752294b322a305d240
${optionalString (cfg.proxy != null) "proxy=${cfg.proxy}"}
addnode=ecoc5q34tmbq54wl.onion
discover=0
${optionalString (cfg.port != null) "port=${toString cfg.port}"}
${optionalString (cfg.rpcuser != null) "rpcuser=${cfg.rpcuser}"}
${optionalString (cfg.rpcpassword != null) "rpcuser=${cfg.rpcpassword}"}
'';
in {
options.services.bitcoin = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
If enabled, the bitcoin service will be installed.
'';
};
listen = mkOption {
type = types.bool;
default = false;
description = ''
If enabled, the bitcoin service will listen.
'';
};
proxy = mkOption {
type = types.nullOr types.string;
default = null;
description = ''
proxy
'';
};
port = mkOption {
type = types.nullOr types.ints.u16;
default = null;
description = "Override the default port on which to listen for connections.";
};
rpcuser = mkOption {
type = types.nullOr types.string;
default = null;
description = "Set bitcoin RPC user";
};
rpcpassword = mkOption {
type = types.nullOr types.string;
default = null;
description = "Set bitcoin RPC password";
};
};
config = mkIf cfg.enable {
users.users.bitcoin = {
description = "Bitcoind User";
createHome = true;
inherit home;
};
systemd.services.bitcoind = {
description = "Run bitcoind";
path = [ pkgs.bitcoin ];
wantedBy = [ "multi-user.target" ];
preStart = ''
mkdir -p ${home}/.bitcoin
ln -sf ${configFile} ${home}/.bitcoin/bitcoin.conf
'';
serviceConfig = {
ExecStart = "${pkgs.bitcoin}/bin/bitcoind";
User = "bitcoin";
Restart = "on-failure";
PrivateTmp = "true";
ProtectSystem = "full";
NoNewPrivileges = "true";
PrivateDevices = "true";
MemoryDenyWriteExecute = "true";
};
};
};
}